New Sophos XG license terms !?!

I had pfsense previously running on a Sophos XG 230 Rev2 unit very nicely.

I predict a lot of these units on ebay soon.


They’re nice hardware units actually, so :ok_hand: :+1:

They can’t make $ due to the ongoing customer support and warranty overhead costs, so they basically blackmail their existing customer base into purchasing new hardware and/or signing up for a new higher recurring extortion fee? They are headed towards bankruptcy.

Glad I run pfsense on protectli. Thanks @LTS_Tom

Thoma Bravo effect…….

Is there a list somewhere giving the hardware specs on the different models and versions?

Just wondering if these are similar enough to servers that we could use them for things like virtualization hosts in labs.

Thanks. Looks like the XG 550, 650, and 750 are the only ones powerful enough to make decent VM hosts. But they might also get really cheap once everyone starts to see what’s happening.

Just wanted to provide a small bit of clarification on the licensing. I am a Sophos partner and deploy their FWs. The licensing changes are for ‘term’ licensing not for MSP licensing. As an MSP I can activate / deactivate a FW as necessary, so licensing is month to month. Only restriction that I am aware of is at EOL where the device will no longer be supported. I can say I am not quite sure if it would be bricked at this point or would still function as a basic FW with no subscription (protection), but I wouldn’t run it that way anyhow. I am not married to Sophos but IMO it is a good solution, especially with their endpoint software, which when coupled with the FW provides ‘Synchronized Security’, which will isolate the endpoint should it become infected. I do plan at some point in the near future to check out pfSense & Zorus.

Every enterprise class firewall I’ve seen when it’s tied to a subscription model still lets you run the unit forever even after the support and security subscription expires. Just you won’t get support or updates until you renew the subscription.

It would make the company look really bad to have their enterprise unit shut off on their customers simply because they let their subscription expire.

Although I am seeing a big increase of subscription cost on a lot of devices including Fortinet.

I am just happy to be on pfsense at home and a few of our remote offices running netgate.

I am in the process of migrating 15 sites to netgate appliances from fortigate. Fortigates are complete trash and have stupid vulnerabilities and flaws. We even paid for the 3yr enterprise support for our main office and purchased all of our firewalls and the cost savings was night and day.

That’s funny, one of the people in my IT department was raving about how nice the Fortigate thing was that they installed in our esports room. And how he wants to get more for the rest of the college to replace the Cisco device, etc., and would save a bunch of money in the process.

I’ve watched Tom’s videos on some of the historic issues and thought, maybe not, but didn’t voice my concern because I have no influence over the decision.

I’ll admit that they have a pretty good interface and make some things pretty painless to set up. But you start going outside of the lines a little bit and you find yourself in the CLI because they didn’t bother to put everything in the UI. So if your setup requires a little advanced configuration, good luck.

Their SSL-VPN is wide open for brute force and there is nothing you can do about it. They are very aware of it and still don’t do anything about it. Their forums are flooded with questions on why this is an issue and they literally just ignore it. Can’t even make rules to block it, can’t modify the embedded webpage… nothing. And that is just naming one of the many issues with it.

The cost savings just to put this in perspective for anyone reading.

Fortigate Renewal Cost:
$430.56/unit x 11 units x 3yrs = $14208.48

Pfsense purchases:
Netgate 2100 - $349.00/unit x 11 = $3989.00
Netgate Enterprise support (3yrs) - $2397/unit x 2 = $4794 << Only needed for the main office
3 year total: $8633.00

Yep, that’s the biggest gripe of the Fortigate’s ssl-vpn that you can’t change it nor disable the WebGUI page without disabling SSL-VPN. Lucky I had it set up to only allow users with the proper security group in AD (LDAP) for access. Still an issue with brute force, I get constant e-mails on this. With recent HTTPS vulnerabilities I’ve had enough with their lack of security nonsense and disabled it for good and moved my users to pfsense’s wireguard as a VM. Couldn’t be happier with this setup.

Like I said in my previous post I’ve stopped buying Fortigates for remote offices and use Netgates instead.